How to install Wireshark on Linux (CentOS/Ubuntu)

In our previous tutorial, we learned about using the tcpdump command to collect network packets for analysis and troubleshooting. But analysing all of those captures from the CLI can be a tiresome task. That is not the only option: we can also install Wireshark, which provides a GUI along with many features that make it easy to capture and analyse network packets.

Wireshark is a free and open-source network packet analyser used for network analysis, troubleshooting, etc. It is cross-platform software available for various Linux/UNIX distributions, macOS, Solaris, BSD and Windows. It uses GTK to implement its user interface and captures packets using PCAP.

Wireshark is quite similar to tcpdump; the major difference between the two is that Wireshark has a graphical interface with built-in filtering options, which makes it easy to use. Wireshark provides a number of features, some of which are:

Installation on CentOS

Wireshark is available in the default CentOS package repositories and can be installed using YUM. Install Wireshark on CentOS using the following command,

$ sudo yum install wireshark wireshark-qt

You might not get the latest Wireshark package using this method, though. To get the latest version we need to build Wireshark from its source package; the method for installing from source is described below.

Installation on Ubuntu

Firstly, install all the required dependencies for Wireshark using the following command,

Once all the dependencies have been installed, install Wireshark (available from the default Ubuntu repositories) using the following command,

$ sudo apt-get install wireshark

You can also use the official Wireshark PPA for Ubuntu to install the latest Wireshark package, which might not be available in the default Ubuntu repositories. To install the latest Wireshark from that repository, run the following commands in this order,

$ sudo add-apt-repository ppa:wireshark-dev/stable

$ sudo apt-get update

$ sudo apt-get install wireshark

Installing Wireshark using source

To get the latest version of Wireshark, it is recommended to build the package from source. Download the latest Wireshark source package using the following command,

$ wget https://1.as.dl.wireshark.org/src/wireshark-2.6.5.tar.xz

Extract it using the following command,

$ tar -xf wireshark-2.6.5.tar.xz -C /tmp

$ cd /tmp/wireshark-2.6.5

then run the following commands to compile and install from source,

$ ./autogen.sh

$ ./configure --enable-setcap-install

$ make

$ sudo make install

$ sudo ldconfig

That's it, this will install Wireshark on your machine. To start Wireshark, either open it from the application menu or run the following command from a terminal,

$ wireshark

Note: If you get a 'Permission Denied' error when starting Wireshark as a local user, you can start Wireshark as root or with sudo privileges, or add the local user to the wireshark group using the following command,

$ sudo usermod -a -G wireshark username

Now try starting Wireshark again; it should work. Once Wireshark is running, you can select the network interface to capture on, start the packet capture and then apply filters for analysing the data.
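As an added check that is not part of the original tutorial: the shell script below (the function names can_capture_unprivileged and check_capture_setup are assumed) verifies that the wireshark group membership and the capabilities that --enable-setcap-install places on the dumpcap helper are actually in effect, so that Wireshark itself never has to run as root or under sudo.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Wireshark's GUI should
# not run as root: only the small dumpcap helper needs privileges, and the
# '--enable-setcap-install' build option plus the wireshark group give it
# exactly cap_net_raw and cap_net_admin. Starting the whole GUI with sudo
# instead hands every protocol dissector root while it parses untrusted
# network data. This script checks that the unprivileged setup took effect.

# Pure decision function, usable offline:
#   $1 = space-separated group list as printed by `id -nG`
#   $2 = one line of getcap output for dumpcap, in either libcap format:
#        "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"   (older libcap)
#        "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" (libcap >= 2.41)
# Returns 0 when unprivileged capture should work, 1 otherwise.
can_capture_unprivileged() {
  groups="$1"
  caps="$2"
  # the usermod step must have taken effect (a new group needs a re-login)
  case " $groups " in
    *" wireshark "*) ;;
    *) return 1 ;;
  esac
  # getcap always prints a flag set; no '=' or '+' means no capabilities
  case "$caps" in *[=+]*) ;; *) return 1 ;; esac
  # dumpcap needs both capabilities ...
  case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
  case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
  # ... and they must be effective: the flag letters after the last '=' or
  # '+' must include 'e'
  flags="${caps##*[=+]}"
  case "$flags" in *e*) return 0 ;; *) return 1 ;; esac
}

# Live check against this machine. getcap is in the libcap2-bin package on
# Ubuntu and in libcap on CentOS. Usage: . ./capcheck.sh && check_capture_setup
check_capture_setup() {
  dumpcap_path="$(command -v dumpcap 2>/dev/null || echo /usr/bin/dumpcap)"
  if can_capture_unprivileged "$(id -nG)" "$(getcap "$dumpcap_path" 2>/dev/null)"; then
    echo "OK: $(id -un) can capture with $dumpcap_path without root"
  else
    echo "Not ready: check 'id -nG' for the wireshark group (log out and back"
    echo "in after usermod) and 'getcap $dumpcap_path' for cap_net_raw,cap_net_admin+eip"
    return 1
  fi
}
```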

This completes our tutorial on installing Wireshark on CentOS and Ubuntu systems. Please send any queries or suggestions related to this article using the comment box below.
